9 Rules of Social Engineering
Rule 1 - Never pressure the victim.
Some people you deal with aren't just gullible; they need to feel trust before sharing passwords or money. If you can't establish that trust in your first conversation, let them know you're busy and suggest rescheduling for tomorrow. This approach helps build rapport and encourages trust.
Rule 2 - You don't feed anyone crap.
Never, ever let the victim think for even a second that you're desperate or have only one client. Use phrases like, "Just a moment," "Excuse me, I'll be back in a minute," or "Sorry, I need to take this call."
Rule 3 - Imagine You're Doing a Favor
Let the victim think that you are helping them.
Rule 4 - Make the Victim Feel Foolish in Their Own Eyes
Everything depends on the kind of victim you're dealing with. But here’s a simple example of how to work with a programmer:
'Can you help with setting up the FTP host?' Never say that you need the password. Instead, say, 'Wow, you have root on port 667, you need... SQL blah blah blah.' 'Do you know how to do that?'
Правило 5 - Всегда будьте заняты
if you’ve just started interacting with a random person, always act like you’re busy and have an urgent matter worth a million. Be the type who says, 'I want to help, but I’m very busy right now'; 'Let me finish this, then I’ll be able to help you without any distractions.'
When you’re in a trade and see someone writing in ALL CAPS, it definitely grabs attention, doesn’t it? Don’t make mistakes, at least in spelling; write correctly and use appropriate letter casing.
Rule 8 - You’ve Had a Similar Experience
Imply that you’ve been in a similar situation to the victim’s, but you really don’t want to cause them any harm. This will create more trust.
Rule 9 - It Seems You Truly Exist
If you’re working through social media, creating an appearance of activity won’t hurt.